[Esapi-user] [Esapi-dev] ESAPI Random Number Generation Broken

Jim Manico jim.manico at owasp.org
Tue Jul 1 06:15:00 UTC 2014


Kevin,

AntiSamy has XML configuration and HTML Sanitizer has programmatic
configuration. By itself there is no default policy, could that be 
causing the problems?

- Jim

On 7/1/14, 2:10 PM, Kevin W. Wall wrote:
> On Tue, Jul 1, 2014 at 1:52 AM, Jim Manico <jim.manico at owasp.org> wrote:
>> I think Kevin is shifting to the HTML Sanitizer to remove dependencies.
>> Kevin?
> Well that was one of my eventual goals for two reasons... one is that
> AntiSamy wasn't being actively maintained and I just replaced that in one
> of the branches (sorry, don't remember which one and I may not have even
> checked it in). The other reason is that there were 2 or 3 dependencies
> that were directly sucked in by AntiSamy but not used elsewhere in ESAPI.
> Thus replacing AntiSamy with HTML Sanitizer would replace it with
> something that was being maintained and also reduce the total # of
> dependencies a bit.
>
> And speaking of which, this is something that I figured you might be able to
> work on since you are familiar with HTML Sanitizer. The only part that I had
> swapped out was the part that was using AntiSamy.
>
> -kevin


